cc5596bc7783cef2d81999d74d344f8ab8f4bb10ceb39f5d1d4922dbbd6c3497

Sharing

Copy URL Twitter E-mail

General

Target

cc5596bc7783cef2d81999d74d344f8ab8f4bb10ceb39f5d1d4922dbbd6c3497
Size

342KB
MD5

b8fd270c31682aba2c4d8919d919b3a6
SHA1

1b24ee4ce0414c5953734c5b232538df90dedffe
SHA256

cc5596bc7783cef2d81999d74d344f8ab8f4bb10ceb39f5d1d4922dbbd6c3497
SHA512

6e84c5e91ce4a67e9a88775e28ef67a0eb285ff8f8b352be87ab0d885a3995548631c9d238ce4081e95873d33d98b09243b4b0e28a4abc3377c8db3728e6e537
SSDEEP

6144:qEJao4BG/3LXjZTTdoDOkqJK2DnLem/iltYtEEUNfInovEQdzvlgN98B:fJCBC3bjPoD/0ZDKmKlamhmMEQpvL

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc5596bc7783cef2d81999d74d344f8ab8f4bb10ceb39f5d1d4922dbbd6c3497

Files

cc5596bc7783cef2d81999d74d344f8ab8f4bb10ceb39f5d1d4922dbbd6c3497
.exe windows:4 windows x86

633258bf95e6b82e6a8453c30d4c9ec7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
MapViewOfFile
GetModuleHandleA
GetProcAddress
CreateRemoteThread
QueueUserAPC
ResumeThread
CreateWaitableTimerA
SetWaitableTimer
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
RtlMoveMemory
GetModuleFileNameA
GetTickCount
GetPrivateProfileStringA
DeleteFileA
FindClose
FindNextFileA
RemoveDirectoryA
FindFirstFileA
WaitForSingleObject
GetStartupInfoA
GetCommandLineA
FreeLibrary
LoadLibraryA
LCMapStringA
CreateProcessA
LocalSize
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateEventA
OpenEventA
GetCurrentProcessId
OpenProcess
CloseHandle
GetVersionExA
GetCurrentProcess
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MsgWaitForMultipleObjects
IsWindowVisible
FindWindowExA
IsWindow
GetWindowThreadProcessId
GetWindowTextA
GetClassNameA
SetWindowPos
IsIconic
OpenIcon
PeekMessageA
GetMessageA
DispatchMessageA
wsprintfA
MessageBoxA
TranslateMessage
GetClassInfoExA
CreateWindowExA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
OpenProcessToken

ws2_32

connect
htons
recv
closesocket
WSACleanup
socket
send
inet_addr
WSAStartup

msvcrt

_stricmp
calloc
__CxxFrameHandler
strncmp
free
memmove
malloc
modf
strchr
strrchr
_ftol
atoi
sprintf
??3@YAXPAX@Z
??2@YAPAXI@Z

Sections

.text
Size: - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 321KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

633258bf95e6b82e6a8453c30d4c9ec7

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

msvcrt

Sections

.text Size: - Virtual size: 59KB

.rdata Size: - Virtual size: 5KB

.data Size: - Virtual size: 75KB

.vmp0 Size: - Virtual size: 278KB

.vmp1 Size: 321KB - Virtual size: 320KB

.rsrc Size: 20KB - Virtual size: 20KB

.text
Size: - Virtual size: 59KB

.rdata
Size: - Virtual size: 5KB

.data
Size: - Virtual size: 75KB

.vmp0
Size: - Virtual size: 278KB

.vmp1
Size: 321KB - Virtual size: 320KB

.rsrc
Size: 20KB - Virtual size: 20KB